Platform
nodejs
Component
astro
Fixed in
5.13.5
5.13.10
CVE-2025-59837 represents a patch bypass vulnerability within the Astro content management system. This flaw allows attackers to circumvent the intended fix for CVE-2025-58179, enabling cross-site scripting (XSS) attacks. The vulnerability impacts versions of Astro prior to 5.13.10 and can be exploited by crafting malicious image URLs containing backslashes. A fix has been released in version 5.13.10.
This XSS vulnerability allows an attacker to inject arbitrary JavaScript code into a user's browser when they access a crafted URL. Successful exploitation could lead to the theft of sensitive information, such as session cookies, authentication tokens, and personally identifiable information (PII). Attackers could also leverage this vulnerability to redirect users to malicious websites, deface the website, or execute arbitrary code on the user's machine. The bypass nature of this vulnerability makes it particularly concerning, as it circumvents a previously deployed security patch. The attack vector involves manipulating image URLs, making it potentially difficult to detect through standard input validation techniques.
This vulnerability is a patch bypass, meaning it exploits a weakness in a previously released fix. Public proof-of-concept (PoC) code is available, demonstrating the ease of exploitation. The vulnerability was publicly disclosed on 2025-10-28. It is not currently listed on the CISA KEV catalog, and there are no confirmed reports of active exploitation at this time, but the availability of a PoC increases the risk of exploitation.
Websites and applications built with Astro that are running versions prior to 5.13.10 are at risk. This includes those relying on image processing or serving content dynamically. Shared hosting environments using Astro are particularly vulnerable, as they may not have control over the underlying server configuration or the ability to quickly apply updates.
• nodejs: Monitor application logs for requests containing backslashes in image URLs, particularly those referencing raw.githubusercontent.com. Use grep to search for patterns like \raw.githubusercontent.com in access logs.
grep '\\raw.githubusercontent.com' /var/log/nginx/access.log
• generic web: Use curl to test image endpoints with crafted URLs containing backslashes. Check for JavaScript execution in the response.
curl 'https://your-astro-site/_image?href=\\raw.githubusercontent.com/projectdiscovery/nuclei-templates/refs/heads/main/helpers/payloads/retool-xss.svg&f=svg' -s | grep -i '<script>'
disclosure
poc
Exploit status
EPSS
0.07% (20th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-59837 is to upgrade to Astro version 5.13.10 or later. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) rule to block requests containing backslashes in image URLs. Specifically, look for patterns like \raw.githubusercontent.com. Additionally, review and sanitize all user-supplied input, especially when handling image URLs. Monitor application logs for suspicious activity, such as unusual requests containing backslashes in image URLs. After upgrading, confirm the fix by attempting to trigger the bypass with a known malicious URL and verifying that the script is not executed.
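Both the log monitoring and the WAF pattern described in this section hinge on spotting backslashes in the `href` parameter of `/_image` requests. The following is an added example, not code from the advisory or from the Astro project; it assumes nginx/Apache combined log format and runs on constructed log lines. It goes beyond the page's literal grep by also catching percent-encoded (%5C, %255C) and nginx-escaped (\x5C) backslashes, which that grep misses.

```javascript
// Added example, not from the advisory or the Astro project: scan access-log
// lines for /_image requests whose `href` parameter carries a backslash, the
// shape CVE-2025-59837 relies on. Unlike a literal grep for '\', it also catches
// percent-encoded (%5C, %255C) and nginx-escaped (\x5C) backslashes.
// Extracts the request target from a common/combined log format line, undoing
// nginx-style \xHH escapes. Returns null if the line has no request line.
function requestPath(line) {
  const m = line.match(/"(?:GET|POST|HEAD) (\S+) HTTP\/[\d.]+"/);
  if (!m) return null;
  return m[1].replace(/\\x([0-9A-Fa-f]{2})/g, (_, h) => String.fromCharCode(parseInt(h, 16)));
}

// Returns the percent-decoded `href` parameter of an /_image request, or null.
function imageHref(path) {
  let url;
  try {
    url = new URL(path, "http://placeholder.invalid"); // base only supplies scheme/host
  } catch {
    return null;
  }
  if (url.pathname !== "/_image") return null;
  return url.searchParams.get("href");
}

// Flags an /_image request whose href contains a backslash, raw or encoded.
function isSuspicious(line) {
  const path = requestPath(line);
  if (!path) return false;
  const href = imageHref(path);
  if (href === null) return false;
  let decoded = href;
  try { decoded = decodeURIComponent(href); } catch { /* leave undecodable input as is */ }
  return href.includes("\\") || decoded.includes("\\");
}

// Constructed sample log lines (not real traffic); addresses are from 203.0.113.0/24.
const SAMPLE_LOG = [
  '203.0.113.5 - - [28/Oct/2025:10:00:01 +0000] "GET /_image?href=%2Fassets%2Flogo.png&f=webp HTTP/1.1" 200 512',
  '203.0.113.7 - - [28/Oct/2025:10:00:02 +0000] "GET /_image?href=%5C%5Craw.githubusercontent.com%2Fexample%2Fx.svg&f=svg HTTP/1.1" 200 1024',
  '203.0.113.8 - - [28/Oct/2025:10:00:03 +0000] "GET /_image?href=\\x5C\\x5Craw.githubusercontent.com/example/x.svg&f=svg HTTP/1.1" 200 1024',
  '203.0.113.9 - - [28/Oct/2025:10:00:04 +0000] "GET /about HTTP/1.1" 200 2048',
];

// Returns the subset of lines that match; feed it fs.readFileSync(path, "utf8").split("\n") for a real log.
function scan(lines) {
  return lines.filter(isSuspicious);
}
for (const hit of scan(SAMPLE_LOG)) console.log("suspicious:", hit);
```

The same `isSuspicious` predicate can serve as the matching logic for the temporary WAF rule mentioned above, applied to the decoded request target rather than to log lines.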
Update Astro to version 5.13.10 or later. This version contains the fix for the SSRF and XSS vulnerability. Run `npm update astro` or `yarn upgrade astro` to update to the latest version.
CVE-2025-59837 is a patch bypass vulnerability in Astro, allowing attackers to inject malicious scripts via backslashes in image URLs, potentially leading to data theft and account takeover.
You are affected if you run an Astro version prior to 5.13.10; those versions are vulnerable to XSS through manipulated image URLs.
Upgrade to Astro version 5.13.10 or later. As a temporary workaround, implement a WAF rule to block requests containing backslashes in image URLs.
While there are no confirmed reports of active exploitation, the availability of a public proof-of-concept increases the risk.
Refer to the Astro security advisory on their GitHub repository: [https://github.com/withastro/astro/security/advisories/CVE-2025-59837](https://github.com/withastro/astro/security/advisories/CVE-2025-59837)